Currently utilizing a JWT authentication schema where the tokens have "Bearer: in the schema. Is it possible to remove the "Bearer" prefix so I wouldn't need to add it on the client side just to parse it out on the backend again? Is there a way to do this without implementing a custom scheme (So while still using the Bearer scheme) AND without having to parse the actual token for the "Bearer: " text?
Right now, the code looks like:
var token = req.headers.authorization;
var newToken = token.replace("Bearer ", "");
jwt.verify(newToken, jwtSecret, function (err, success) {
if (err) {
return res.
status(401).
end('Unauthorized, invalidtoken');
} else {
return next();
}
})
Ideally it would be implemented as such:
var token = req.headers.authorization;
jwt.verify(token, jwtSecret, function (err, success) {
if (err) {
return res.
status(401).
end('Unauthorized, invalidtoken');
} else {
return next();
}
})
Would this be okay? What are the implications of removing "Bearer" from the jwt authorization headers ?
Thanks
var tokenis actually an HTTP header which contains schema and token. Instead of replacing, you need to split the header, compare actual schema with expected "Bearer", and reject request instantly if it doesn't match. - Alex BlexBearer. See previously asked and beautifully answered: stackoverflow.com/a/33281233/1870891 further reference: stackoverflow.com/a/47157391/1870891 - Marko Bajlovic